**Company Name:** CyPro
**Job Title:** Security Operations Center Analyst
**Job Description:**
**Job Title:** Security Operations Center Analyst
**Role Summary:**
Experienced SOC analyst delivering 24/7 security monitoring, incident response, detection engineering, threat intelligence, automation, and internal security operations across Microsoft Sentinel, Microsoft Defender, Datadog, and Elastic.
**Expectations:**
- Work rotating 4‑day on/4‑day off shift schedule.
- Independently triage, investigate, contain, and remediate incidents.
- Develop and refine detection rules aligned with MITRE ATT&CK.
- Maintain incident records, runbooks, and knowledge base.
- Automate workflows using Logic Apps and other scripting.
- Support internal identity/MDM security and reporting.
- Keep up‑to‑date with threat trends and maintain relevant certifications.
**Key Responsibilities:**
*Security Monitoring & Incident Response*
- Monitor alerts from Sentinel, Defender, Datadog, Elastic.
- Assess severity, triage, investigate, and execute containment per playbooks.
- Correlate cross‑platform data for anomaly detection.
- Produce detailed incident reports, RCAs, and after‑action reviews.
- Log incidents in JIRA Service Management.
*Detection Engineering*
- Design and implement new detection rules in Sentinel.
- Draft and optimise KQL queries for hunting and detection.
- Refine logic based on false positives and evolving threats.
*Threat Intelligence & Enrichment*
- Analyze threat feeds, tag IOCs/TTPs in client environments.
- Participate in proactive hunting sprints.
*Client Support & Reporting*
- Prepare weekly/monthly SOC reports and trend analyses.
- Respond to client inquiries on investigations and coverage.
*Internal Security Operations*
- Administer identity management and MDM solutions.
- Ensure internal security posture meets client service standards.
*Process Improvement & Automation*
- Design Logic App workflows for automated response.
- Update runbooks and knowledge base.
- Propose tooling/process enhancements.
**Required Skills:**
- Proficiency in Microsoft Sentinel, KQL, Microsoft Defender, Datadog, Elastic.
- Incident response, triage, containment, and documentation.
- Threat hunting, IOC analysis, and threat intel integration.
- Familiarity with MITRE ATT&CK framework.
- Automation using Logic Apps, PowerShell, or equivalent scripting.
- Experience with JIRA Service Management.
- Strong analytical, problem‑solving, and communication skills.
**Required Education & Certifications:**
- Bachelor’s degree in Cybersecurity, Computer Science, or related field.
- Relevant certifications: Microsoft SC‑200 (Security Operations Analyst), AZ‑500 (Azure Security Engineer Associate) or equivalent.